ROOTREPEAL (c) AD, 2007-2009
Scan Start Time: 2009/09/07 08:18
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
Drivers
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB8903000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79CF000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PCI_PNP4540
Image Path: \Driver\PCI_PNP4540
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB6A3D000 Size: 49152 File Visible: No Signed: -
Status: -
Name: sple.sys
Image Path: sple.sys
Address: 0xF74D6000 Size: 1048576 File Visible: No Signed: -
Status: -
Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -
Name: svvoy.sys
Image Path: C:\WINDOWS\system32\drivers\svvoy.sys
Address: 0xF76D7000 Size: 61440 File Visible: No Signed: -
Status: -
Hidden/Locked Files
Path: Volume C:
Status: MBR Rootkit Detected!
Path: Volume C:, Sector 1
Status: Sector mismatch
Path: Volume C:, Sector 2
Status: Sector mismatch
Path: Volume C:, Sector 3
Status: Sector mismatch
Path: Volume C:, Sector 4
Status: Sector mismatch
Path: Volume C:, Sector 5
Status: Sector mismatch
Path: Volume C:, Sector 6
Status: Sector mismatch
Path: Volume C:, Sector 7
Status: Sector mismatch
Path: Volume C:, Sector 8
Status: Sector mismatch
Path: Volume C:, Sector 9
Status: Sector mismatch
Path: Volume C:, Sector 10
Status: Sector mismatch
Path: Volume C:, Sector 11
Status: Sector mismatch
Path: Volume C:, Sector 12
Status: Sector mismatch
Path: Volume C:, Sector 13
Status: Sector mismatch
Path: Volume C:, Sector 15
Status: Sector mismatch
Path: Volume C:, Sector 19
Status: Sector mismatch
Path: Volume C:, Sector 22
Status: Sector mismatch
Path: Volume C:, Sector 24
Status: Sector mismatch
Path: Volume C:, Sector 29
Status: Sector mismatch
Path: Volume C:, Sector 30
Status: Sector mismatch
Path: Volume C:, Sector 32
Status: Sector mismatch
Path: Volume C:, Sector 33
Status: Sector mismatch
Path: Volume C:, Sector 34
Status: Sector mismatch
Path: Volume C:, Sector 35
Status: Sector mismatch
Path: Volume C:, Sector 36
Status: Sector mismatch
Path: Volume C:, Sector 37
Status: Sector mismatch
Path: Volume C:, Sector 42
Status: Sector mismatch
Path: Volume C:, Sector 44
Status: Sector mismatch
Path: Volume C:, Sector 45
Status: Sector mismatch
Path: Volume C:, Sector 46
Status: Sector mismatch
Path: Volume C:, Sector 48
Status: Sector mismatch
Path: Volume C:, Sector 49
Status: Sector mismatch
Path: Volume C:, Sector 50
Status: Sector mismatch
Path: Volume C:, Sector 51
Status: Sector mismatch
Path: Volume C:, Sector 52
Status: Sector mismatch
Path: Volume C:, Sector 54
Status: Sector mismatch
Path: Volume C:, Sector 55
Status: Sector mismatch
Path: Volume C:, Sector 57
Status: Sector mismatch
Path: Volume C:, Sector 58
Status: Sector mismatch
Path: Volume C:, Sector 59
Status: Sector mismatch
Path: Volume C:, Sector 62
Status: Sector mismatch
Stealth Objects
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: services.exe (PID: 732) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: lsass.exe (PID: 744) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwqbxiehnc.dll]
Process: svchost.exe (PID: 908) Address: 0x006b0000 Size: 53248
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 908) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 1008) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 1148) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 1236) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 1296) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 1448) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: aswUpdSv.exe (PID: 1504) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: AAWService.exe (PID: 1520) Address: 0x00d10000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: ashServ.exe (PID: 1576) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: spoolsv.exe (PID: 1864) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: LVPrcSrv.exe (PID: 1912) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 508) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: mDNSResponder.exe (PID: 536) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: jqs.exe (PID: 1224) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: LVComSer.exe (PID: 1360) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: nvsvc32.exe (PID: 1988) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: HPZipm12.exe (PID: 192) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: RichVideo.exe (PID: 236) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 392) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: TomTomHOMEService.exe (PID: 428) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: winvnc.exe (PID: 576) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: ashMaiSv.exe (PID: 2120) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: unsecapp.exe (PID: 2136) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: ashWebSv.exe (PID: 2168) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: wmiprvse.exe (PID: 2204) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: alg.exe (PID: 2460) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: WgaTray.exe (PID: 2400) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: Explorer.EXE (PID: 2540) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: LVComSer.exe (PID: 420) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: TPG Usage Meter.exe (PID: 3464) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: realsched.exe (PID: 4060) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: jusched.exe (PID: 712) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: SOUNDMAN.EXE (PID: 3580) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: RUNDLL32.EXE (PID: 960) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: Quickcam.exe (PID: 2176) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: Communications_Helper.exe (PID: 812) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: iTunesHelper.exe (PID: 2368) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: HPWuSchd2.exe (PID: 2448) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: hpcmpmgr.exe (PID: 3608) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: ashDisp.exe (PID: 2348) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: svchost.exe (PID: 1976) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: apdproxy.exe (PID: 2688) Address: 0x00340000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: hpqtra08.exe (PID: 872) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: LogitechDesktopMessenger.exe (PID: 2912) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: iPodService.exe (PID: 1620) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: hptskmgr.exe (PID: 3264) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: COCIManager.exe (PID: 3732) Address: 0x10000000 Size: 32768
Object: Hidden Module [Name: ytasfwtpqxteix.dll]
Process: RootRepeal.exe (PID: 3236) Address: 0x10000000 Size: 32768